feat: multiple versions for the vault extension (#1661)

* feat: multiple versions for the vault extension

Build multiple versions of the vault extension on different PostgreSQL versions.
Add test for the extensions and their upgrade on PostgreSQL 15 and 17.

* fix: nixos tests for pg_repack, pgroonga, and plpgsql_check to use the supabase_admin user

We switched to using the supabase_admin user for our Postgres tests instead of the default postgres user. 
This change updates the authentication methods and user management in the NixOS test configurations for the pg_repack, pgroonga, and plpgsql_check extensions.

* fix: nixos test for plv8 extension to use the supabase_admin user

We switched to using the supabase_admin user for our Postgres tests instead of the default postgres user.
This change updates the authentication methods and user management in the NixOS test configurations for the plv8 extension.

* chore: bump one more

---------

Co-authored-by: Sam Rose <[email protected]>

Author: jfroche

ansible/vars.yml

@@ -10,9 +10,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.5.1.058-orioledb"
-  postgres17: "17.6.1.037"
-  postgres15: "15.14.1.037"
+  postgresorioledb-17: "17.5.1.059-orioledb"
+  postgres17: "17.6.1.038"
+  postgres15: "15.14.1.038"
 
 # Non Postgres Extensions
 pgbouncer_release: 1.19.0

nix/ext/tests/default.nix

@@ -69,12 +69,20 @@ let
             enable = true;
             package = psql_15;
             enableTCPIP = true;
-            initialScript = pkgs.writeText "init-postgres-with-password" ''
-              CREATE USER test WITH PASSWORD 'secret';
-            '';
             authentication = ''
-              host test postgres samenet scram-sha-256
+              local all postgres peer map=postgres
+              local all all peer map=root
+            '';
+            identMap = ''
+              root root supabase_admin
+              postgres postgres postgres
             '';
+            ensureUsers = [
+              {
+                name = "supabase_admin";
+                ensureClauses.superuser = true;
+              }
+            ];
             settings = (installedExtension "15").defaultSettings or { };
           };
 

nix/ext/tests/lib.py

@@ -38,12 +38,12 @@ def __init__(
 
     def run_sql(self, query: str) -> str:
         return self.vm.succeed(
-            f"""sudo -u postgres psql -t -A -F\",\" -c \"{query}\" """
+            f"""psql -U supabase_admin -d postgres -t -A -F\",\" -c \"{query}\" """
         ).strip()
 
     def run_sql_file(self, file: str) -> str:
         return self.vm.succeed(
-            f"""sudo -u postgres psql -v ON_ERROR_STOP=1 -f \"{file}\""""
+            f"""psql -U supabase_admin -d postgres -v ON_ERROR_STOP=1 -f \"{file}\""""
         ).strip()
 
     def drop_extension(self):

nix/ext/tests/pg_repack.nix

@@ -59,12 +59,20 @@ self.inputs.nixpkgs.lib.nixos.runTest {
         enable = true;
         package = postgresqlWithExtension self.packages.${pkgs.system}.postgresql_15;
         enableTCPIP = true;
-        initialScript = pkgs.writeText "init-postgres-with-password" ''
-          CREATE USER test WITH PASSWORD 'secret';
-        '';
         authentication = ''
-          host test postgres samenet scram-sha-256
+          local all postgres peer map=postgres
+          local all all peer map=root
+        '';
+        identMap = ''
+          root root supabase_admin
+          postgres postgres postgres
         '';
+        ensureUsers = [
+          {
+            name = "supabase_admin";
+            ensureClauses.superuser = true;
+          }
+        ];
       };
 
       networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ];

nix/ext/tests/pgmq.nix

@@ -47,6 +47,20 @@ self.inputs.nixpkgs.lib.nixos.runTest {
       services.postgresql = {
         enable = true;
         package = (postgresqlWithExtension psql_15);
+        authentication = ''
+          local all postgres peer map=postgres
+          local all all peer map=root
+        '';
+        identMap = ''
+          root root supabase_admin
+          postgres postgres postgres
+        '';
+        ensureUsers = [
+          {
+            name = "supabase_admin";
+            ensureClauses.superuser = true;
+          }
+        ];
         settings = (installedExtension "15").defaultSettings or { };
       };
 

nix/ext/tests/pgroonga.nix

@@ -60,6 +60,21 @@ self.inputs.nixpkgs.lib.nixos.runTest {
       services.postgresql = {
         enable = true;
         package = psql_15;
+        enableTCPIP = true;
+        authentication = ''
+          local all postgres peer map=postgres
+          local all all peer map=root
+        '';
+        identMap = ''
+          root root supabase_admin
+          postgres postgres postgres
+        '';
+        ensureUsers = [
+          {
+            name = "supabase_admin";
+            ensureClauses.superuser = true;
+          }
+        ];
       };
       systemd.services.postgresql.environment.MECAB_DICDIR = "${
         self.packages.${pkgs.system}.mecab-naist-jdic
@@ -120,7 +135,6 @@ self.inputs.nixpkgs.lib.nixos.runTest {
         "17": [${lib.concatStringsSep ", " (map (s: ''"${s}"'') (versions "17"))}],
       }
       extension_name = "${pname}"
-      support_upgrade = False
       pg17_configuration = "${pg17-configuration}"
       ext_has_background_worker = ${
         if (installedExtension "15") ? hasBackgroundWorker then "True" else "False"
@@ -135,7 +149,7 @@ self.inputs.nixpkgs.lib.nixos.runTest {
       server.wait_for_unit("multi-user.target")
       server.wait_for_unit("postgresql.service")
 
-      test = PostgresExtensionTest(server, extension_name, versions, sql_test_directory, support_upgrade)
+      test = PostgresExtensionTest(server, extension_name, versions, sql_test_directory)
 
       with subtest("Check upgrade path with postgresql 15"):
         test.check_upgrade_path("15")

nix/ext/tests/plpgsql_check.nix

@@ -61,12 +61,20 @@ self.inputs.nixpkgs.lib.nixos.runTest {
         enable = true;
         package = psql_15;
         enableTCPIP = true;
-        initialScript = pkgs.writeText "init-postgres-with-password" ''
-          CREATE USER test WITH PASSWORD 'secret';
-        '';
         authentication = ''
-          host test postgres samenet scram-sha-256
+          local all postgres peer map=postgres
+          local all all peer map=root
+        '';
+        identMap = ''
+          root root supabase_admin
+          postgres postgres postgres
         '';
+        ensureUsers = [
+          {
+            name = "supabase_admin";
+            ensureClauses.superuser = true;
+          }
+        ];
         settings = (installedExtension "15").defaultSettings or { };
       };
 

nix/ext/tests/plv8.nix

@@ -60,6 +60,20 @@ self.inputs.nixpkgs.lib.nixos.runTest {
       services.postgresql = {
         enable = true;
         package = postgresqlWithExtension self.packages.${pkgs.system}.postgresql_15;
+        authentication = ''
+          local all postgres peer map=postgres
+          local all all peer map=root
+        '';
+        identMap = ''
+          root root supabase_admin
+          postgres postgres postgres
+        '';
+        ensureUsers = [
+          {
+            name = "supabase_admin";
+            ensureClauses.superuser = true;
+          }
+        ];
       };
     };
   testScript =

nix/ext/tests/timescaledb.nix

@@ -46,6 +46,22 @@ self.inputs.nixpkgs.lib.nixos.runTest {
       services.postgresql = {
         enable = true;
         package = (postgresqlWithExtension psql_15);
+        authentication = ''
+          local all postgres peer map=postgres
+          local all all peer map=root
+        '';
+        identMap = ''
+          root root supabase_admin
+          postgres postgres postgres
+        '';
+        ensureUsers = [
+          {
+            name = "supabase_admin";
+            ensureClauses.superuser = true;
+          }
+          { name = "service_role"; }
+        ];
+
         settings = {
           shared_preload_libraries = "timescaledb";
         };